Hi Randy,
I wrote a Bro plugin that takes care of the ’setcap’ tasks after each deploy. Just adjusts the paths to reflect your Bro instal. Let me know if you run into any issues with it.
https://github.com/PingTrip/broctl-setcap <https://github.com/PingTrip/broctl-setcap>
-Dave
>> and i got the worker-0 node to be able to pcap its eth0 by
>> sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro
>> although i ran the same on worker-1 and worker-2, they fail with
>> worker-2 terminated immediately after starting; check output with "diag"
> worker-1 terminated immediately after starting; check output with "diag"
>> and the logs say
>> fatal error: problem with interface eth0 (pcap_error: socket: Operation not permitted (pcap_activate))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170213/ca593dba/attachment.html